Massive amounts of data are being generated daily – from exercise stats compiled by wearables through to smart building monitors that collect temperature and air pressure information every 15 minutes. If data creation continues at its present rate, more than a yottabyte (a million trillion megabytes) will likely be generated annually by 2030. We are really starting to put the big into big data!
But with data, comes data threat. The two are synonymous. Last year it is estimated that there were 4,100 publicly announced breaches in security equating to 22 billion records being compromised and a rise of over 25 percent is expected this year. In an attempt to mitigate these threats, it is unsurprising that within three years Gartner predicts that 10 percent of organisations will have implemented a measurable Zero Trust cyber security programme; up from the less than one percent today.
If you haven’t yet come across it, Zero Trust is a security paradigm that explicitly identifies users and devices and grants them just the right amount of access so the business can operate with minimal friction while risks are reduced. In other words: trust no one and give them and their devices as little access as possible. The root assumption of Zero Trust is that no resource interacting with data is inherently trustworthy. A “resource” can be an individual, a data set, a corporate or personal user device, a cloud service or software-as-a-service (SaaS) solution. Its security posture must be assessed whenever a resource requests access to corporate data. “Never trust, always verify” is the core principle.
One of the key pillars within Zero Trust is data hygiene. Hygienic data is accurate, complete, reliable, and up-to-date. Data quality is maintained by strictly controlling who creates, accesses, modifies, and shares it. Therefore, in a Zero Trust context data hygiene consists of actions that businesses should take to demonstrably improve data security effectiveness.
These actions are very similar to those outlined in GDPR and include:
- limiting the amount of data collected to only that which is necessary to support the purposes of the data collection
- ensuring data is clean and up to date
- destroying data when it is no longer needed
- limiting access to data to only those entities (devices, individuals, accounts that have a legitimate need to access the data
- not share data with others unless necessary and with the consent of those about whom the data applies
- keep your own personal and business data from being used and posted in ways for which you did not consent or is not necessary to support the purposes for which you originally allowed the data to be collected or derived
- keep unauthorized entities from accessing data
The second principle: keeping data clean and up to date; is particularly pertinent to us at The Software Bureau. In this instance, “clean” refers to error-free data. Dirty data contains outdated, incomplete, duplicated, or simply erroneous details. These errors can be introduced at any point while that data is in a system, whether it was incorrectly entered initially, altered accidentally when being updated, or data that has changed organically over time for instance a customer moving house, changing their name after getting married or perhaps sadly passing away. Within a Zero Trust programme every effort must be made to keep data clean. And it is recognised that data is not static, so data hygiene practices need to be carried out regularly; quarterly at the very least. It is recommended that the practice of cleaning data should be added to the data governance process so that it can be mapped into the organisation’s data lifecycle.
Data hygiene within Zero Trust has a higher-order role in enabling and protecting the business. According to Gartner 64 percent of board directors recognize digital infrastructure as strategically crucial to business growth and 88 percent see cybersecurity as a business risk. It is believed that high-quality data based on the zero-trust approach makes it easier for a business to create value by ensuring safeguards without constraining productivity, opening the door for innovation and the provision of better services.
For information about how our data hygiene solutions can be integrated into your Zero Trust programme get in touch!